diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 77a35fb..06a4b9c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,35 +1,32 @@ name: Release -on: +'on': push: branches: - main - + - next + - beta + - '*.x' permissions: contents: read # for checkout - jobs: release: - name: Release - runs-on: ubuntu-latest permissions: contents: write # to be able to publish a GitHub release issues: write # to be able to comment on released issues pull-requests: write # to be able to comment on released pull requests id-token: write # to enable use of OIDC for npm provenance + name: release + runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Setup Node.js - uses: actions/setup-node@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 with: - node-version: '20.9.0' # Updated to the latest LTS version - - name: Install dependencies - run: npm ci # Changed to npm ci for a clean install based on lock file - - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies - run: npm audit signatures - - name: Release + cache: npm + node-version: lts/* + - run: npm clean-install + - run: npm audit signatures + # pinned version updated automatically by Renovate. + # details at https://semantic-release.gitbook.io/semantic-release/usage/installation#global-installation + - run: npx semantic-release@21.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: npx semantic-release